WAF-Scan protects web servers against web application based attacks including SQL and XSS injections. It allows IT administrators have a wide range of options for blocking and logging traffic as it passes through the WAF rules system. The rules system offers the possibility to define both positive and negative security models. The engine also allows for the real-time installation of emergency virtual patches at the gateway, to immediately detect and prevent any specific security issues.